Authentication - Gruveo SDK for iOS

Authentication

This page explains the authentication schema used by the Gruveo SDK for iOS as well as the best practices for your implementation.

API Credentials and Token Signing

In order to use the Gruveo SDK, you need to have valid API credentials. The credentials consist of a client ID and an API secret, which you can obtain by applying on this page. For development purposes, you can also use the following demo credentials which limit all calls to 5 minutes:

Client ID: demo
API secret: W62wB9JjW3tFyUMtF5QhRSbk

The client ID is registered in your AppDelegate after application startup as follows:

Every time the Gruveo screen initiates a video or voice call, it will fire the requestToSignApiAuthToken event. For the calls to successfully connect, you will need to implement a delegate function for this event, where you:

  1. Pass the received token value to your server-side signer endpoint
  2. Receive the Base64-encoded HMAC signature for the token from the server side
  3. Pass the signature to the SDK using the [GruveoCallManager authorize:] method.

The token HMAC is computed with SHA-256 as the hash function and with your API secret as the HMAC’s secret key.

Here is how you can compute the HMAC on the server side in a Node.js app (example taken from the server-side part of our Embed API demo). This snippet assumes that the token to sign arrives to the server in the req parameter, i.e. the HTTP request body:

Note: If you want to try the SDK with the demo client ID, you can use the https://api-demo.gruveo.com/signer server endpoint for token signing. This endpoint uses the snippet above to accept the token in the body of a POST request and returns the HMAC in the response body.

Please refer to Setup and Basic Usage for a complete example of SDK authentication.

Security Considerations

You should keep your API secret secure at all times and never expose it in the client code. We strongly recommend computing the token HMAC on the server side with proper authentication of your app. Please refer to our iOS sample project for an example of computing the HMAC on the server side.